On Sun, Jan 28, 2007 at 12:47:18PM -0500, Thor Lancelot Simon wrote:

> > Wouldn't the old root also (until it actually expires) verify any
> > certificates signed by the new root? If so, why does a server need to
> > send the new root? So long as the recipient has either the new or the
> > old root, the chain will be valid.
>
> That doesn't make sense to me -- the end-of-chain (server or client)
> certificate won't be signed by _both_ the old and new root, I wouldn't
> think (does x.509 even make this possible)?
>
> Or do I misunderstand?

The key extra information is that old and new roots share the same issuer and subject DNs and public key, only the start/expiration dates differ, so in the overlap when both are valid, they are interchangeable, both verify the same (singly-signed) certs.

What I don't understand is how the old (finally expired) root helps to validate the new unexpired root, when a verifier has the old root and the server presents the new root in its trust chain.

--
Victor Duchovni
IT Security, Morgan Stanley
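
The interchangeability described in the reply above, as an added example that is not part of the original message: two self-signed roots with the same DN and key but different validity windows both verify one singly-signed server certificate. It assumes the Python `cryptography` package; all names, dates and keys are constructed for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def dn(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(subject, issuer, pubkey, signer, start, end, is_ca):
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(pubkey)
            .serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end)
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(signer, hashes.SHA256()))

def issued_by(cert, issuer_cert):
    """Name chaining plus signature check only; the issuer's validity
    dates play no part here and are checked separately by a verifier."""
    if cert.issuer != issuer_cert.subject:
        return False
    try:
        issuer_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                        ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def build_demo():
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_dn = dn("Example Root CA (constructed)")
    # Same DN, same key; only the validity window differs (constructed dates).
    old_root = make_cert(ca_dn, ca_dn, ca_key.public_key(), ca_key,
                         dt.datetime(1997, 1, 1), dt.datetime(2008, 1, 1), True)
    new_root = make_cert(ca_dn, ca_dn, ca_key.public_key(), ca_key,
                         dt.datetime(2006, 1, 1), dt.datetime(2026, 1, 1), True)
    # Control: same DN but a different key must not verify the leaf.
    other_key = ec.generate_private_key(ec.SECP256R1())
    other_root = make_cert(ca_dn, ca_dn, other_key.public_key(), other_key,
                           dt.datetime(2006, 1, 1), dt.datetime(2026, 1, 1), True)
    # The server certificate carries exactly one signature, made with ca_key.
    leaf = make_cert(dn("server.example"), ca_dn,
                     ec.generate_private_key(ec.SECP256R1()).public_key(), ca_key,
                     dt.datetime(2007, 1, 1), dt.datetime(2008, 1, 1), False)
    return {"old": old_root, "new": new_root, "other": other_root, "leaf": leaf}

if __name__ == "__main__":
    certs = build_demo()
    for label in ("old", "new", "other"):
        print(label, "root verifies leaf:", issued_by(certs["leaf"], certs[label]))
```
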